Security Researchers Find Virus Targeting Delphi Programs

Researchers at Sophos and SonicWall uncover a virus designed to infect programs written in Delphi, a programming language commonly used to develop Microsoft Windows programs.

Security researchers have uncovered a virus with a rare modus operandi: it infects applications written in the Delphi programming language at compile time. The malware, detected as W32/Induc-A by Sophos, inserts itself into the source code of any Delphi program it finds on an infected computer. It then compiles itself into a finished executable. Right now, the virus does not have a malicious payload and appears to be focused on simply propagating itself.

"Because a lot of Delphi installations, including manufacturers of pretty popular software packages, got infected, this is getting downloaded by the user. ... People simply find, download and install QIP [chat client] or AIMP or 'Tidy Favorites' or 'Any TV Free' or some other Delphi utility, and by running it they get infected by the embedded virus," explained Nick Bilogorskiy, manager of anti-virus research at SonicWall.

When a file infected with W32/Induc-A finds a program written in Delphi, it tries to write malicious code to SysConst.pas, which it then compiles to SysConst.dcu. This new, infected SysConst.dcu file will then add virus code to every new Delphi file that gets compiled on the system.
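
A defender's check for the tampering described above, as an added example that is not from the article, Sophos or SonicWall: it hashes every SysConst.pas and SysConst.dcu under a Delphi install directory and compares them with a baseline recorded from a known-clean install. The function names, the `lib` folder and the file contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

WATCHED = {"sysconst.pas", "sysconst.dcu"}  # unit files named in the article

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map relative path (lowercased, '/'-separated) -> SHA-256 of each watched unit."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in WATCHED:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
                found[rel] = sha256_file(full)
    return found

def audit(root, baseline):
    """Compare the current tree with a baseline taken from a known-clean install."""
    current = snapshot(root)
    findings = []
    for rel, digest in sorted(current.items()):
        if rel not in baseline:
            findings.append(("unexpected", rel))  # unit file that was not there before
        elif baseline[rel] != digest:
            findings.append(("modified", rel))    # compiled unit or source was rewritten
    findings += [("missing", rel) for rel in sorted(set(baseline) - set(current))]
    return findings

def demo():
    """Constructed sample: a stand-in install tree in a temp dir, audited before and after a change."""
    with tempfile.TemporaryDirectory() as root:
        lib = Path(root, "lib")  # assumed folder name, for illustration only
        lib.mkdir()
        (lib / "SysConst.dcu").write_bytes(b"clean compiled unit")
        baseline = snapshot(root)
        clean = audit(root, baseline)
        # Simulate what the article describes: SysConst.pas is written, SysConst.dcu is rebuilt.
        (lib / "SysConst.pas").write_bytes(b"unit SysConst; { altered source }")
        (lib / "SysConst.dcu").write_bytes(b"recompiled unit")
        return clean, audit(root, baseline)
```

The baseline is only meaningful if it is taken from trusted install media and stored off the build machine, since any unit compiled after tampering would otherwise be recorded as clean.
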

Over at Sophos, researchers received more than 3,000 unique samples of programs infected with the virus in the wild by Aug. 19. This indicates the malware has been active for some time, blogged Graham Cluley, senior technology consultant at Sophos. It is also likely that a number of software houses specializing in developing applications with Delphi are infected, he added.

"Delphi is frequently used to create bespoke software, either by small software houses or by internal teams," wrote Cluley. "If you believe that you may be using software written in Delphi, you would be very wise to ensure that your anti-virus software is updated. Actually, regardless of whether you use Delphi-written apps, that's a good idea."